CVE-2025-34152 PoC — Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter

Source

Associated Vulnerability

Description

Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE (CVE-2025-34152)

Readme

# ⚠️ CVE-2025-34152 – Shenzhen Aitemi M300 Wi-Fi Repeater RCE

## 🚨 Overview

Shenzhen Aitemi M300 Wi-Fi Repeater is affected by an **unauthenticated remote code execution (RCE)**.

* No login required
* Does **not** reboot the device
* Can be exploited remotely

---

## 🛠 Vulnerable Versions

| Version | Status                  |
| ------- | ----------------------- |
| 1.0.x   | ❌ Vulnerable            |
| 1.1.x   | ❌ Vulnerable            |
| 1.2.x   | ❌ Vulnerable            |
| 2.0.x   | ⚠️ Check Vendor Updates |

---

## 💡 Remediation

* Update to the latest firmware from vendor
* Restrict management interface access (LAN only)
* Enable firewall rules to block WAN access
* Monitor logs for suspicious requests

---


---

## 🧪 PoC (Lab Use Only)

> ⚠️ Do **not** use on public devices, only in a controlled lab environment.

```bash
go run CVE-2025-34152.go
```

---
## 🔗 References

* [CVE Details](https://www.cvedetails.com/cve/CVE-2025-34152)
* Vendor Advisory: Shenzhen Aitemi official site
* Exploit analysis: Security blogs

File Snapshot

 [4.0K]  /data/pocs/c40cfc14d0497838f69d4ef9cf5aaff3ccb8fc6b
├── [2.0K]  CVE-2025-34152.go
├── [6.9K]  LICENSE
└── [1.1K]  README.md

0 directories, 3 files

Remarks